v0.5.3

💀 Security Announce

A security issue related to the Capability of TenantBuilder has been discovered.
This issue mainly affects those who execute the exec command. Although the risk of attack from outside is limited, we recommend that you update.
GHSA-5w4j-f78p-4wh9

What's Changed

🐛 Bug Fixes

• Security: Fix compromised tj-actions/changed-files action by @sou1118 in #3112

🧪 Test improvements and Misc Fixes

• Fix the release flow by @utam0k in #3098
• chore(ci): add cgroup v1 compatibility for tests on ubuntu-24.04 by @sou1118 in #3102
• fix: CPU controller tests for Kernel 6.10 cgroup v2 changes by @sou1118 in #3106
• chore(ci): Upgrade GitHub Actions workflows for ubuntu-24.04 by @sou1118 in #3097
• fix: release ci tests also need apparmor disable by @YJDoc2 in #3118
• chore(ci): add criu ppa for podman-tests ci by @sou1118 in #3120

Other Changes

• Release for v0.5.3 by @github-actions in #3119

Full Changelog: v0.5.2...v0.5.3

v0.5.2

What's Changed

💪 Improvements

• Support feature subcommand by @musaprg in #2837

🐛 Bug Fixes

• fix(libcgroup): fix disable_oom_killer in cgroup v1 by @xujihui1985 in #3090

🧪 Test improvements and Misc Fixes

• Add a PR template file by @Gekko0114 in #3049
• add process rlimits fail test by @ntkm61027 in #3051
• Use MountOption enum to parse mount options defined in the spec by @musaprg in #2937
• ci: Publish packages after the release flow by @utam0k in #3064
• Make sepc into &spec in test_{outside,inside}_containe by @utam0k in #3068
• linux_masked_paths integration test by @nayuta-ai in #2950
• fix: compilation errors in contest by @YJDoc2 in #3086
• Remove problematic comments between package name in apt install by @musaprg in #3060
• Add delete test by @sou1118 in #3082

Other Changes

• Upgrade direct dep rand to 0.9.0 by @YJDoc2 in #3083
• rollup multiple dep updates by @YJDoc2 in #3084
• lset_file_label should check for symlink instead of raw file by @foreverddong in #3073
• Release for v0.5.2 by @github-actions in #3050

New Contributors

• @ntkm61027 made their first contribution in #3051
• @nayuta-ai made their first contribution in #2950
• @foreverddong made their first contribution in #3073
• @sou1118 made their first contribution in #3082

Full Changelog: v0.5.1...v0.5.2

v0.5.1

What's Changed

🐛 Bug Fixes

• Fix building the wasmedge feature by @utam0k in #3041

🧪 Test improvements and Misc Fixes

• Do cargo check before releasing a new version by @utam0k in #3039

Other Changes

• Release for v0.5.1 by @github-actions in #3044

Full Changelog: v0.5.0...v0.5.1

v0.5.0

What's Changed

💪 Improvements

• libcontainer: support set stdios for container by @abel-von in #2961
• Add option to spawn processes as siblings by @jprendes in #3012

💥 Breaking Changes

• libcontainer: use OwnedFd as console_socket in ContainerBuilder by @abel-von in #2966

🐛 Bug Fixes

• Fixed ENAMETOOLONG error in setup_console_socket by @morganllewellynjones in #2915
• fix(libcontainer) no_pivot args is not used by @xujihui1985 in #2923
• Fix/return multi errors on create failed by @xujihui1985 in #2998
• fix duplicate gids in container creation by @YJDoc2 in #3019
• Fix --preserve-fds, eliminate stray FD being passed into container by @aidanhs in #2893

📖 Documentation improvements

• Add the affiliations of youki maintainers by @utam0k in #2947
• docs: update github pages links by @tskxz in #2969
• switch from license-file to license by @jprendes in #3023

🧪 Test improvements and Misc Fixes

• ci: update action versions to fix deprecation warnings by @YJDoc2 in #2918
• deps: update wasmedge to 0.14.0 by @YJDoc2 in #2928
• Bump oci-spec to 0.7.0 by @kiokuless in #2934
• remove incorrect dependency in readme by @YJDoc2 in #2940
• Add seccomp into feature flags of youki to be compiled in by @musaprg in #2924
• Add unittest to expertiment seccomp programs by @sat0ken in #2956
• print "unknown" instead of defaults if we cannot get kernel config by @YJDoc2 in #2964
• Add test process rlimits by @sat0ken in #2977
• Add test process user by @sat0ken in #2978
• add test process_oom_score_adj by @saku3 in #2987
• Add process test by @sat0ken in #2968
• refactor(test): refine function create_container by @xujihui1985 in #2973
• Add test root readonly by @sat0ken in #2976
• Adding Discord link to docs by @crmejia in #3005
• Prepare for v0.5.0 by @utam0k in #3016
• Use later stable rust version 1.81.0 to fix the CI by @musaprg in #3033
• Don't specify the versionFile for tagpr by @utam0k in #3036

Other Changes

• selinux: create Vagrantfile for SELinux by @Gekko0114 in #2900
• Cargo.toml: remove unused dependnecies by @Mossaka in #2921
• deps: update wasmtime by @YJDoc2 in #2929
• selinux: fix xattr and remove anyhow by @Gekko0114 in #2936
• .github/workflows/basic: check unused deps on 'check' job by @Mossaka in #2941
• seccomp: Update experiment seccomp program by @sat0ken in #2946
• create mount_rootfs method by @Gekko0114 in #2953
• Update deps: roll multiple dependabot PRs into one by @YJDoc2 in #2993
• Release for v0.5.0 by @github-actions in #2906

New Contributors

• @kiokuless made their first contribution in #2934
• @morganllewellynjones made their first contribution in #2915
• @sat0ken made their first contribution in #2946
• @xujihui1985 made their first contribution in #2923
• @tskxz made their first contribution in #2969
• @saku3 made their first contribution in #2987
• @abel-von made their first contribution in #2961
• @crmejia made their first contribution in #3005
• @aidanhs made their first contribution in #2893

Full Changelog: v0.4.1...v0.5.0

v0.4.1

This point release is primarily for updating our nc dependency version , as the last update was breaking musl static builds, see #2894 . Apart from that there are not changes in this point release. You can skip updating if you do not use musl/ not experienced any breakage related to to builds.

What's Changed

🧪 Test improvements and Misc Fixes

• update nc version to 0.9.3 by dependabot in #2895
• prepare for version 0.4.1 by @YJDoc2 in #2897
• Update Cargo.toml for v0.4.1 by @utam0k in #2904

Other Changes

• Release for v0.4.1 by @github-actions in #2896

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

💪 Improvements

• Export max_usage in cgroups v2 mode by @HeRaNO in #2802
• Add new setup_envs method for the Executor trait by @musaprg in #2820

💥 Breaking Changes

• Rename to improve readability by @utam0k in #2818

🐛 Bug Fixes

• Fix/dbus call issue by @YJDoc2 in #2838

📖 Documentation improvements

• Add the governance by @utam0k in #2806
• optimization runtime_tools.md doc by @lengrongfu in #2816
• Update README.md by @utam0k in #2822
• Fix typo by @utam0k in #2836
• docs: fix with_executor method description by @Andreagit97 in #2834

🧪 Test improvements and Misc Fixes

• Update nix to 0.28.0 by @omprakaash in #2728
• Fix word order in README sentence justifying Rust usage by @andrewimeson in #2805
• move macro define youki_version to use before by @lengrongfu in #2813
• Use HashMap for envs in container_init_process by @musaprg in #2817
• Ignore linter for MOUNT_ATTR__ATIME by @yihuaf in #2819
• Update go version in podman CI and vagrantfile by @YJDoc2 in #2828
• Fix typos and bump version for typos ci by @Jerrypoi in #2839
• Install nightly for running linter inside devcontainer by @musaprg in #2845
• Add issue templates by @YJDoc2 in #2829
• chore(deps): update oci-spec to v0.6.7 by @Mossaka in #2847
• Bump oci-spec by @keisku in #2854
• Update devcontainer.json by @keisku in #2857
• Apply building best practices to .devcontainer/Dockerfile by @keisku in #2856
• Fix markdown format in experiment/selinux/README.md by @keisku in #2855
• initial progress on supporting OwnedFd by @zahash in #2809
• Rust 1.80.0 by @utam0k in #2869
• Update nc dependency to 0.9.2 by @posutsai in #2884
• Prepare for v0.4.0 by @utam0k in #2880
• Release for v0.4.0 by @github-actions in #2791

Other Changes

• Init a selinux project by @Gekko0114 in #2800
• selinux: write xattr related codes. by @Gekko0114 in #2825
• selinux: implemented remaining selinux functions by @Gekko0114 in #2850

New Contributors

• @HeRaNO made their first contribution in #2802
• @andrewimeson made their first contribution in #2805
• @musaprg made their first contribution in #2817
• @Gekko0114 made their first contribution in #2800
• @Jerrypoi made their first contribution in #2839
• @Andreagit97 made their first contribution in #2834
• @Mossaka made their first contribution in #2847
• @keisku made their first contribution in #2854
• @posutsai made their first contribution in #2884

Full Changelog: v0.3.3...v0.4.0

v0.3.3

What's Changed

💪 Improvements

• Add support for rsvd hugetlb cgroup by @omprakaash in #2719

💥 Breaking Changes

• Improve error reporting and logging by @YJDoc2 in #2705

🐛 Bug Fixes

• Fix cgroups determination in exec implementation by @YJDoc2 in #2720
• Remove unnecessary chdir by @utam0k in #2780

🧪 Test improvements and Misc Fixes

• Rollup dep updates by @YJDoc2 in #2667
• Fill in TODO by @utam0k in #2677
• Fix the links of contest by @utam0k in #2680
• Set '--test-threads' option to 1 in unit tests by @YJDoc2 in #2685
• add io priority e2e test by @lengrongfu in #2646
• (fix) podman e2e : Update workflow for new required deps, add vagrantfile by @YJDoc2 in #2687
• Add missed test-threads=1 to coverage CI by @YJDoc2 in #2699
• Fix integration test validation CI, make io_priority test conditional by @YJDoc2 in #2707
• 📝 Remove GitPod and add link to GitHub codespaces by @homersimpsons in #2717
• Limt dependabot updates to only direct dependencies by @utam0k in #2725
• fix observability default log level comment by @zahash in #2737
• Update deps via cargo update by @YJDoc2 in #2747
• Rust 1.77.1 by @utam0k in #2746
• Make our codespaces more useful by @utam0k in #2753
• Fix README.md by @utam0k in #2759
• update wasmtime dep to 19.0.1, replace wasmtime-wasi with wasi-common by @YJDoc2 in #2752
• Reset console sockets to original in setup_console test by @YJDoc2 in #2764
• Update rust version to 1.77.2 by @YJDoc2 in #2779
• Add linux_devices test by @omprakaash in #2708
• deps: Disable unused/unnecessary regex features in libcontainer by @jirutka in #2781
• Add rustfmt.toml to standardize formatting by @jprendes in #2787
• Update the release workflow by @utam0k in #2789
• Release v0.3.3 by @utam0k in #2794

Other Changes

• Rollup dep update by @YJDoc2 in #2674
• Init a seccomp project by @utam0k in #2729
• seccomp: Use offset_of! by @utam0k in #2763
• seccomp: Add a case for checking arguments by @utam0k in #2775
• Release for v0.3.3 by @github-actions in #2665

New Contributors

• @homersimpsons made their first contribution in #2717
• @zahash made their first contribution in #2737
• @omprakaash made their first contribution in #2719
• @jirutka made their first contribution in #2781

Full Changelog: v0.3.2...v0.3.3

v0.3.2

Security

This release fixes security issues identified in GHSA-xr7r-f8xq-vfvv. Although this is not known to directly lead to vulnerabilities, it was an area that should have been fixed.

Address GHSA-xr7r-f8xq-vfvv by @utam0k in #2663

What's Changed

💪 Improvements

• (feat) add support for musl using cross-rs by @jprendes in #2536
• add schedule entity by @lengrongfu in #2495
• Address GHSA-xr7r-f8xq-vfvv by @utam0k in #2663

📖 Documentation improvements

• fix: just instead make by @bestgopher in #2585
• [doc] Update doc with cross-rs and musl builds by @jprendes in #2621

🧪 Test improvements and Misc Fixes

• New Releases needs approval from the maintainer by @utam0k in #2583
• Updaet to Containerd 1.7.11 by @utam0k in #2558
• chore(deps) bump tabwriter, windows-core, tempfile, memchr, clang-sys by @YJDoc2 in #2608
• Name the test tools contest by @utam0k in #2486
• Fix the missed naming changes in integration test validation CI by @YJDoc2 in #2629
• Roll up various minor and major version dep upgrade by @YJDoc2 in #2638
• Add docker-in-docker e2e test by @jprendes in #2645
• Add domainname test by @higuruchi in #1544
• Re enable skipped e2e tests by @YJDoc2 in #2647

Other Changes

• Release for v0.3.2 by @github-actions in #2582
• Release v0.3.2 by @utam0k in #2664

New Contributors

• @bestgopher made their first contribution in #2585

Full Changelog: v0.3.1...v0.3.2

v0.3.1

What's Changed

💪 Improvements

• fix(libcgroups): report CPU throttling stats in 'libcgroups::v2' by @xiaoyang-sde in #2524
• fix(main): support arm64 release youki by @cuisongliu in #2498

🐛 Bug Fixes

• Specify the protobuf crate because of the rust-criu crate by @utam0k in #2497
• docs(main): auto release node using just by @cuisongliu in #2573
• Fix emulated cgroups v1 subsystem when running docker-in-docker by @jprendes in #2532

📖 Documentation improvements

• docs(main): support arm64 release docs by @cuisongliu in #2510
• fix docs by @lengrongfu in #2550
• docs(main): auto release node using just by @cuisongliu in #2537

🧪 Test improvements and Misc Fixes

• Grouping patch updates in dependabot. by @utam0k in #2496
• Fix the config of the dependenda bot by @utam0k in #2502
• feature(main): add release strip by @cuisongliu in #2503
• test(integration_test): port 'runtime-tools/validation/linux_sysctl' by @xiaoyang-sde in #2527
• docs(libcgroup): add docs for several items in 'libcgroup::v2' by @xiaoyang-sde in #2525
• test(integration_test): port 'runtime-tools/validation/linux_seccomp' by @xiaoyang-sde in #2531
• fix(libcgroups): clean up 'libcgroups::v1::manager' by @xiaoyang-sde in #2530
• small typo in trace message by @Pvlerick in #2535
• Set up userns in a straightforward way by @utam0k in #2548
• Rust 1.74.1 by @utam0k in #2557
• Simplify release workflow by @jprendes in #2541
• config: Automated Tagpr Update for 0.3.1 by @github-actions in #2571
• Release for v0.3.1 by @github-actions in #2570
• Ignore CHANGELOG.md in typos by @utam0k in #2572

Other Changes

• Release for v0.3.1 by @github-actions in #2578

New Contributors

• @cuisongliu made their first contribution in #2503
• @xiaoyang-sde made their first contribution in #2527
• @Pvlerick made their first contribution in #2535
• @github-actions made their first contribution in #2571

Full Changelog: v0.3.0...v0.3.1

0.3.0 Release

What's Changed

💪 Improvements

• Feat/podman rootless by @YJDoc2 in #2370
  • This PR is based on the amazing debugging and groundwork for proof-of-concept by @orimanabu , @Furisto as well as great help in review and suggestions by @yihuaf and @utam0k 🙏
• feat: allow customize cgroup root path by @fengxsong in #2411

🐛 Bug Fixes

• Use raw syscalls to avoid sporadic hangs by @jprendes in #2425
• Fix device duplication in rootfs preparation by @YJDoc2 in #2438

📖 Documentation improvements

• Add the documentation for debugging by @utam0k in #2382
• Update the developer documentation for the e2e tests. by @utam0k in #2381
• docs: update docs regarding the changes in #2411 by @fengxsong in #2434

🧪 Test improvements and Misc Fixes

• Change rootless required function and privilege decision by @YJDoc2 in #2279
• Skip the tests related to criu when criu is not found by @utam0k in #2365
• Refactor doc test and justfile by @yihuaf in #2330
• Add initial tests for rootless podman by @YJDoc2 in #2406
• update nix to 0.27.1 by @anti-entropy123 in #2369
• Refactor test dir structure by @YJDoc2 in #2421
• Use static build of wasmedge by @jprendes in #2420
• v0.3.0 by @utam0k in #2437

New Contributors

• @anti-entropy123 made their first contribution in #2369
• @fengxsong made their first contribution in #2411

Full Changelog: v0.2.0...v0.3.0